Serverside fixes for endpoint arguments

Passing a datetime object would crash the serializer. This is the first half of an implementation to solve that problem by providing task arguments to the client.

Author: brahmlower

CssefClient/cssef-cli

@@ -16,8 +16,12 @@ class Menu(object):
         # Start by looping over the endpoint sources
         for source in self.source_list:
             for endpoint in source['endpoints']:
-                self.menu_dict[endpoint['menu_path']] = \
-                RPCEndpoint(self.config, endpoint['rpc_name'])
+                command_inst = RPCEndpoint(
+                    self.config,
+                    endpoint['rpc_name'],
+                    endpoint['args'])
+                self.menu_dict[endpoint['menu_path']] = command_inst
+                
 
     def get_command(self, command_list):
         """Gets the selected command from the menu dictionary
@@ -174,11 +178,16 @@ if __name__ == "__main__":
     client.load_endpoints()
     client.load_token(auth=user_input.command_args['auth'])
 
-    # Call command and handle return
+    # Build the command menu and instantiate the RCPEndpoint we'll be calling
     commandMenu = Menu(client.config, client.endpoints)
     commandMenu.construct()
-
     command = commandMenu.get_command(user_input.command)
+
+    # Make sure our provided input matches what we were told to send to the client
+    if not command.validate_input(user_input.command_args):
+        print "Invalid arguments"
+        sys.exit()
+
     output_obj = client.call_endpoint(command, user_input.command_args)
     print_output(output_obj)
     sys.exit(output_obj.value)

CssefClient/cssefclient/utils.py

@@ -2,6 +2,8 @@
 import re
 import sys
 import stat
+import time
+from datetime import datetime
 
 class CommandOutput(object):
     def __init__(self, value, message, content):
@@ -36,7 +38,7 @@ class RPCEndpoint(object):
     This class gets subclassed by other classes to define a specific
     task on the cssef server.
     """
-    def __init__(self, config, rpc_name):
+    def __init__(self, config, rpc_name, args = []):
         """
         Args:
             config (Configuration): The current configuration to use
@@ -50,6 +52,14 @@ def __init__(self, config, rpc_name):
         """
         self.config = config
         self.rpc_name = rpc_name
+        self.args = args
+
+    def validate_input(self, user_input):
+        for i in self.args:
+            if i['required'] and i['name'] not in user_input:
+                # Argument missing from the input
+                return False
+        return True
 
     def execute(self, **kwargs):
         """Calls the rpc endpoint on the remote server
@@ -66,24 +76,22 @@ def execute(self, **kwargs):
         """
         if self.config.verbose:
             print "[LOGGING] Calling rpc with name '%s'."  % self.rpc_name
+        # "Serialize" datetime objects
+        for i in kwargs:
+            if isinstance(kwargs[i], datetime):
+                print "Found datetime object"
+                # Overwrite the datetime object to a unix timestamp representing the same time
+                kwargs[i] = time.mktime(kwargs[i].timetuple())
+        # Try the api call
         try:
-            # This is a hint at a larger issue- If I don't cast this to an
-            # integer, it is passed to send_task() and get() as a string
-            # rather than an expected integer. This means all values read
-            # from the configuration object are strings, which may be
-            # problematic if a value MUST be an integer.
-            #task_timeout = int(self.config.task_timeout)
-            #self.task = self.config.apiConn.send_task(self.endpointName,
-            #    args = args, kwargs = kwargs, expires = task_timeout)
-            #result = self.task.get(timeout = task_timeout)
             output_dict = self.config.server_connection.request(self.rpc_name, **kwargs)
-            if output_dict:
-                return CommandOutput(**output_dict)
-            else:
-                return CommandOutput(value=-1, content=[], \
-                    message=['Call to endpoint returned "None".'])
         except Exception as err:
             return CommandOutput(value=-1, content=[], message=[str(err)])
+        # Handle the returned api data
+        if output_dict:
+            return CommandOutput(**output_dict)
+        return CommandOutput(value=-1, content=[], \
+            message=["Call to endpoint '%s' returned 'None'." % self.rpc_name])
 
 def load_token_file(token_file):
     """Load token from a file

CssefServer/cssefserver/__init__.py

@@ -121,18 +121,18 @@ def __init__(self, config):
 
     @classmethod
     def endpoint_info(cls):
-        tmp_dict = {}
-        tmp_dict['name'] = cls.__name__
+        tmp_dict = cls.as_dict()
         tmp_dict['endpoints'] = []
         for endpoint in cls.endpoints:
             tmp_dict['endpoints'].append(endpoint.info_dict())
         return tmp_dict
 
-    def as_dict(self):
+    @classmethod
+    def as_dict(cls):
         tmp_dict = {}
-        tmp_dict['name'] = self.name
-        tmp_dict['short_name'] = self.short_name
-        tmp_dict['version'] = self.__version__
+        tmp_dict['name'] = cls.name
+        tmp_dict['short_name'] = cls.short_name
+        tmp_dict['version'] = cls.__version__
         return tmp_dict
 
 # Dumpy old logging methods

CssefServer/cssefserver/account/tasks.py

@@ -1,3 +1,4 @@
+import logging
 from cssefserver.utils import get_empty_return_dict
 from cssefserver.utils import CssefRPCEndpoint
 from cssefserver.taskutils import model_del
@@ -12,8 +13,13 @@ class OrganizationAdd(CssefRPCEndpoint):
     name = "Organization Add"
     rpc_name = "organizationadd"
     menu_path = "organization.add"
-    onRequestArgs = ['auth']
-    def on_request(self, auth, **kwargs):
+    args = [
+        {'name': 'name', 'type': 'str', 'required': True},
+        {'name': 'description', 'type': 'str', 'required': True},
+        {'name': 'can_add_users', 'type': 'bool', 'required': False},
+        {'name': 'can_delete_users', 'type': 'bool', 'required': False}]
+
+    def on_request(self, **kwargs):
         """Celery task to create a new organization.
 
         Args:
@@ -23,10 +29,7 @@ def on_request(self, auth, **kwargs):
             A return_dict dictionary containing the results of the API call. See
             get_empty_return_dict for more information.
         """
-        try:
-            authorize_access(self.database_connection, auth, self.config)
-        except CssefException as err:
-            return err.as_return_dict()
+        authorize_access(self.database_connection, self.auth, self.config)
         organization = Organization.from_dict(self.database_connection, kwargs)
         return_dict = get_empty_return_dict()
         return_dict['content'].append(organization.as_dict())
@@ -36,9 +39,10 @@ class OrganizationDel(CssefRPCEndpoint):
     name = "Organization Delete"
     rpc_name = "organizationdel"
     menu_path = "organization.del"
-    takesKwargs = False
-    onRequestArgs = ['auth', 'pkid']
-    def on_request(self, auth, pkid):
+    args = [
+        {'name': 'pkid', 'type': 'int', 'required': True}]
+
+    def on_request(self, pkid):
         """Celery task to delete an existing organization.
 
         Args:
@@ -48,15 +52,21 @@ def on_request(self, auth, pkid):
             A return_dict dictionary containing the results of the API call. See
             get_empty_return_dict for more information.
         """
-        authorize_access(self.database_connection, auth, self.config)
+        authorize_access(self.database_connection, self.auth, self.config)
         return model_del(Organization, self.database_connection, pkid)
 
 class OrganizationSet(CssefRPCEndpoint):
     name = "Organization Set"
     rpc_name = "organizationset"
     menu_path = "organization.set"
-    onRequestArgs = ['auth', 'pkid']
-    def on_request(self, auth, pkid, **kwargs):
+    args = [
+        {'name': 'pkid', 'type': 'int', 'required': True},
+        {'name': 'name', 'type': 'str', 'required': False},
+        {'name': 'description', 'type': 'str', 'required': False},
+        {'name': 'can_add_users', 'type': 'bool', 'required': False},
+        {'name': 'can_delete_users', 'type': 'bool', 'required': False}]
+
+    def on_request(self, pkid, **kwargs):
         """Celery task to edit an existing organization.
 
         Args:
@@ -67,15 +77,21 @@ def on_request(self, auth, pkid, **kwargs):
             A return_dict dictionary containing the results of the API call. See
             get_empty_return_dict for more information.
         """
-        authorize_access(self.database_connection, auth, self.config)
+        authorize_access(self.database_connection, self.auth, self.config)
         return model_set(Organization, self.database_connection, pkid, **kwargs)
 
 class OrganizationGet(CssefRPCEndpoint):
     name = "Organization Get"
     rpc_name = "organizationget"
     menu_path = "organization.get"
-    onRequestArgs = ['auth']
-    def on_request(self, auth, **kwargs):
+    args = [
+        {'name': 'pkid', 'type': 'str', 'required': False},
+        {'name': 'name', 'type': 'str', 'required': False},
+        {'name': 'description', 'type': 'str', 'required': False},
+        {'name': 'can_add_users', 'type': 'bool', 'required': False},
+        {'name': 'can_delete_users', 'type': 'bool', 'required': False}]
+
+    def on_request(self, **kwargs):
         """Celery task to get one or more existing organization.
 
         Args:
@@ -85,15 +101,20 @@ def on_request(self, auth, **kwargs):
             A return_dict dictionary containing the results of the API call. See
             get_empty_return_dict for more information.
         """
-        authorize_access(self.database_connection, auth, self.config)
+        authorize_access(self.database_connection, self.auth, self.config)
         return model_get(Organization, self.database_connection, **kwargs)
 
 class UserAdd(CssefRPCEndpoint):
     name = "User Add"
     rpc_name = "useradd"
     menu_path = "user.add"
-    onRequestArgs = ['auth']
-    def on_request(self, auth, **kwargs):
+    args = [
+        {'name': 'name', 'type': 'str', 'required': True},
+        {'name': 'username', 'type': 'str', 'required': True},
+        {'name': 'password', 'type': 'str', 'required': True},
+        {'name': 'organization', 'type': 'int', 'required': True}]
+
+    def on_request(self, **kwargs):
         """Celery task to create a new user.
 
         Args:
@@ -105,7 +126,7 @@ def on_request(self, auth, **kwargs):
             get_empty_return_dict for more information.
         """
         try:
-            authorize_access(self.database_connection, auth, self.config)
+            authorize_access(self.database_connection, self.auth, self.config)
         except CssefException as err:
             return err.as_return_dict()
         #kwargs['organization'] = organization
@@ -118,9 +139,10 @@ class UserDel(CssefRPCEndpoint):
     name = "User Delete"
     rpc_name = "userdel"
     menu_path = "user.del"
-    takesKwargs = False
-    onRequestArgs = ['auth', 'pkid']
-    def on_request(self, auth, pkid):
+    args = [
+        {'name': 'pkid', 'type': 'int', 'required': True}]
+
+    def on_request(self, pkid):
         """Celery task to delete an existing user.
 
         Args:
@@ -130,15 +152,20 @@ def on_request(self, auth, pkid):
             A return_dict dictionary containing the results of the API call. See
             get_empty_return_dict for more information.
         """
-        authorize_access(self.database_connection, auth, self.config)
+        authorize_access(self.database_connection, self.auth, self.config)
         return model_del(User, self.database_connection, pkid)
 
 class UserSet(CssefRPCEndpoint):
     name = "User Set"
     rpc_name = "userset"
     menu_path = "user.set"
-    onRequestArgs = ['auth', 'pkid']
-    def on_request(self, auth, pkid, **kwargs):
+    args = [
+        {'name': 'pkid', 'type': 'int', 'required': True},
+        {'name': 'name', 'type': 'str', 'required': False},
+        {'name': 'username', 'type': 'str', 'required': False},
+        {'name': 'password', 'type': 'str', 'required': False}]
+
+    def on_request(self, pkid, **kwargs):
         """Celery task to edit an existing user.
 
         Args:
@@ -149,15 +176,20 @@ def on_request(self, auth, pkid, **kwargs):
             A return_dict dictionary containing the results of the API call. See
             get_empty_return_dict for more information.
         """
-        authorize_access(self.database_connection, auth, self.config)
+        authorize_access(self.database_connection, self.auth, self.config)
         return model_set(User, self.database_connection, pkid, **kwargs)
 
 class UserGet(CssefRPCEndpoint):
     name = "User Get"
     rpc_name = "userget"
     menu_path = "user.get"
-    onRequestArgs = ['auth']
-    def on_request(self, auth, **kwargs):
+    args = [
+        {'name': 'pkid', 'type': 'int', 'required': False},
+        {'name': 'name', 'type': 'str', 'required': False},
+        {'name': 'username', 'type': 'str', 'required': False},
+        {'name': 'organization', 'type': 'int', 'required': False}]
+
+    def on_request(self, **kwargs):
         """Celery task to get one or more existing users.
 
         Args:
@@ -167,7 +199,7 @@ def on_request(self, auth, **kwargs):
             A return_dict dictionary containing the results of the API call. See
             get_empty_return_dict for more information.
         """
-        authorize_access(self.database_connection, auth, self.config)
+        authorize_access(self.database_connection, self.auth, self.config)
         return model_get(User, self.database_connection, **kwargs)
 
 def endpoint_source():